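def post(self):
    """Handle a change-password form submission.

    Reads ``oldpass``, ``newpass`` and ``passval`` from the request. The
    stored hash is replaced only when the ``user`` cookie passes
    ``check_secure_val``, all three fields are present, the new password
    equals its confirmation, and ``util.valid_pw`` accepts the current
    password. Every other outcome produces an explicit response.
    """
    oldpass = self.request.get('oldpass')
    newpass = self.request.get('newpass')
    passval = self.request.get('passval')

    # Resolve the account before anything else. The original bound `user`
    # only when the cookie verified and then used it unconditionally, so a
    # missing or tampered cookie ended in an unbound-variable error rather
    # than a refusal.
    cookie = self.request.cookies.get('user')
    if not (cookie and self.check_secure_val(cookie)):
        self.redirect('/')
        return
    user = databases.User.get_by_id(int(cookie.split('|')[0]))
    if user is None:
        # presumably get_by_id yields None for a removed account - confirm
        self.redirect('/')
        return

    params = {}
    error = False
    if not oldpass:
        params['oldpass'] = '******'
        error = True
    if not newpass:
        params['newpass'] = "******"
        error = True
    if not passval:
        params['valpass'] = '******'
        error = True
    # The original compared a 'valpass' field that is read nowhere else,
    # did not set the error flag on a mismatch, and gated the update on
    # `newpass == newpass`, which is always true, so the confirmation was
    # never enforced.
    # NOTE(review): assumes the confirmation field is 'passval', the one
    # checked for presence above - confirm against changepass.html.
    if newpass != passval:
        params['errorMessage'] = "Passwords didn't match"
        error = True

    if error:
        self.render("changepass.html", **params)
        return

    if not util.valid_pw(user.email, oldpass, user.pw_hash):
        # Previously a wrong current password produced no response at all.
        params['errorMessage'] = "Current password is incorrect"
        self.render("changepass.html", **params)
        return

    user.pw_hash = util.make_pw_hash(user.email, newpass)
    user.put()
    self.redirect('/')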
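def post(self):
    """Handle the profile form: update name, email, password hash and image.

    The account is taken from the ``user`` cookie. Changes are applied only
    when ``user_password`` is non-empty and ``util.valid_pw`` accepts it for
    that account; otherwise ``profile.html`` is rendered again. An uploaded
    image replaces any image already stored for the user.
    """
    cookie = self.request.cookies.get('user')
    # The original parsed the id out of the cookie without verifying it and
    # rendered that account's profile even when the password check failed,
    # so the account shown was whatever id the cookie carried. A missing
    # cookie raised AttributeError.
    # NOTE(review): assumes this handler exposes check_secure_val for the
    # 'user' cookie - confirm against the base handler.
    if not (cookie and self.check_secure_val(cookie)):
        self.redirect('/')
        return
    user = databases.User.get_by_id(int(cookie.split('|')[0]))
    if user is None:
        # presumably get_by_id yields None for a removed account - confirm
        self.redirect('/')
        return

    name_parts = user.name.split(' ')
    firstname = name_parts[0]
    # A single-word name used to raise IndexError here.
    lastname = name_parts[1] if len(name_parts) > 1 else ''

    password = self.request.get('user_password')
    # `not` instead of `== False`: a None result from valid_pw now counts
    # as a failed check instead of slipping through the comparison.
    if password == '' or not util.valid_pw(user.email, password, user.pw_hash):
        self.render('profile.html', password='******', user=user,
                    firstname=firstname, lastname=lastname)
        return

    # NOTE(review): name and email are stored exactly as submitted; no
    # format or uniqueness check is visible in this handler.
    user.name = self.request.get('user_first') + " " + self.request.get('user_last')
    user.email = self.request.get('user_email')
    # make_pw_hash takes the email as input, so the hash is rebuilt after
    # the email may have changed.
    user.pw_hash = util.make_pw_hash(user.email, password)
    user.put()

    upload = self.request.POST[u'image']
    if upload == "":
        logging.debug('No image')
        self.redirect('/')
        return

    try:
        data = upload.file.read()
        # NOTE(review): filename and content type come from the client and
        # are stored unchanged; whatever serves the image should not rely
        # on them being truthful.
        image = databases.userImage(name=upload.filename, data=data,
                                    filetype=upload.type, user=user)
        # Scans every stored image to find this user's previous ones.
        for existing in databases.userImage.all():
            if existing.user.key().id() == user.key().id():
                logging.debug('Deleted: ' + existing.name)
                existing.delete()
        logging.debug("Put: " + image.name)
        image.put()
        self.redirect('/')
    except Exception as e:
        # Any failure in the block above is reported as a size problem; the
        # real cause is only in the log.
        error = "Image must be smaller than 1mb."
        logging.error(e)
        self.render('profile.html', user=user, firstname=firstname,
                    lastname=lastname, error=error)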
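def _is_local_redirect(target):
    """Return True when *target* is a path on this site that is safe to redirect to."""
    if not target.startswith('/'):
        return False
    # A second slash or a backslash after the leading slash can make a
    # browser treat the value as naming another host.
    if target.startswith('//') or target.startswith('/\\'):
        return False
    # Control characters may be dropped by browsers and change how the
    # value is parsed, so they are rejected outright.
    return not any(ord(ch) < 0x20 for ch in target)


def login(request):
    """Render the login form and, on a valid POST, sign the user in.

    A successful login sets the ``user`` cookie to
    ``util.make_secure_val(str(user.id))`` and redirects to the ``next``
    parameter when it is a local path, otherwise to ``/``. Every failed
    POST re-renders ``login.html`` with the same "Invalid Login" message.
    """
    error = ""
    redirect_to = request.REQUEST.get('next', '')
    # 'next' comes from the request and was passed straight to
    # HttpResponseRedirect, so a crafted login link could send a user who
    # had just authenticated to an arbitrary site. Anything that is not a
    # plain local path is dropped, which also keeps it out of the template.
    if not _is_local_redirect(redirect_to):
        redirect_to = ''

    if request.method != "POST":
        form = blogForms.LoginForm()
    else:
        form = blogForms.LoginForm(request.POST)
        # Invalid form, unknown user and wrong password all report the same
        # message, as in the original.
        error = "Invalid Login"
        if form.is_valid():
            try:
                u = User.objects.get(username=request.POST['username'])
            except ObjectDoesNotExist:
                u = None
            if u is not None and util.valid_pw(request.POST['username'],
                                               request.POST['password'],
                                               u.password):
                val = util.make_secure_val(str(u.id))
                response = HttpResponseRedirect(redirect_to or '/')
                # NOTE(review): the cookie is set without httponly/secure;
                # consider enabling both if no client script reads it and
                # the site is served over HTTPS only.
                response.set_cookie("user", val, max_age=2629740)
                return response

    return render_to_response(
        "login.html",
        {"form": form, "error": error, "redirect_to": redirect_to},
        context_instance=RequestContext(request))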
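def post(self):
    """Handle the admin login form.

    Looks the admin up with ``models.Admin.login_validation`` and verifies
    the password with ``util.valid_pw``. On success a ``user_id`` cookie is
    set and the browser is sent to ``/admin-pref``; otherwise
    ``login.html`` is rendered with ``error_login`` set.
    """
    username = self.request.get('username')
    password = self.request.get('password')
    user = models.Admin.login_validation(username)

    # The original repeated the identical valid_pw call in a nested `if`,
    # hashing the password twice per login; one verification decides the
    # outcome. A failed login always renders the error page here.
    if not (user and util.valid_pw(username, password, user.admin_pw_hash)):
        self.generate('login.html', {'error_login': '******'})
        return

    # A suffix from util.random_letters makes the cookie value differ
    # between logins.
    # NOTE(review): confirm util.random_letters draws from a
    # cryptographically secure source, since the value identifies the
    # admin session.
    var = util.random_letters()
    self.set_secure_cookie('user_id', 'admin' + var)
    self.redirect('/admin-pref')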
def is_valid_login(self, username, password):
    """Check a username/password pair against the stored runner record.

    Returns a ``(ok, errors)`` tuple: ``(True, {})`` on success, otherwise
    ``False`` with either a ``user_error`` or a ``pass_error`` entry.
    """
    code = util.get_code(username)
    # Runner records are keyed by the code derived from the username.
    runner = runners.Runners.get_by_key_name(code, parent=runners.key())
    if not runner:
        # NOTE(review): "not found" versus "invalid password" tells the
        # caller whether a username exists; confirm the login page does not
        # show that distinction to unauthenticated visitors.
        return False, {'user_error': "Username not found"}

    password_ok = util.valid_pw(code, password, runner.password)
    if password_ok:
        return True, {}
    return False, {'pass_error': "Invalid password"}
class Handler(webapp2.RequestHandler):
    """Base request handler with output helpers and a login check."""

    OVER_QUOTA_ERROR = 'OVER_QUOTA_ERROR'

    # ---- Writing and rendering helpers ----

    def write(self, *a, **kw):
        """Forward the arguments to the response output stream."""
        self.response.out.write(*a, **kw)

    def render_str(self, template, **params):
        """Render the named Jinja template with *params* and return the text."""
        return JINJA_ENVIRONMENT.get_template(template).render(params)

    def render(self, template, **kw):
        """Render the named template and write it to the response."""
        self.write(self.render_str(template, **kw))

    def render_json(self, obj):
        """Serialise *obj* with util.MyJSONEncoder and write it as JSON."""
        headers = self.response.headers
        headers['Content-Type'] = 'application/json; charset=UTF-8'
        # Allows script from any origin to read the JSON.
        # NOTE(review): the wildcard applies to every response rendered
        # through this method; confirm none of them carries private data.
        headers["Access-Control-Allow-Origin"] = "*"
        self.write(json.dumps(obj, cls=util.MyJSONEncoder))

    def initialize(self, *a, **kw):
        """Run the base initialisation, then pick the output format from the path."""
        webapp2.RequestHandler.initialize(self, *a, **kw)
        self.format = 'json' if self.request.path.endswith('.json') else 'html'

    # ---- User login ----

    def is_valid_login(self, username, password):
        """Check a username/password pair against the stored runner record.

        Returns ``(True, {})`` on success, otherwise ``False`` with a
        ``user_error`` or ``pass_error`` entry. A datastore quota error is
        logged and reported as a ``user_error``.
        """
        code = util.get_code(username)
        try:
            runner = runners.Runners.get_by_key_name(code, parent=runners.key())
        except apiproxy_errors.OverQuotaError as msg:
            logging.error(msg)
            return False, {'user_error': "Over quota error"}

        if not runner:
            # NOTE(review): "not found" versus "invalid password" tells the
            # caller whether a username exists; confirm that is intended.
            return False, {'user_error': "Username not found"}

        if util.valid_pw(code, password, runner.password):
            return True, {}
        return False, {'pass_error': "Invalid password"}
def post(self):
    """Handle the login form.

    Re-renders ``login.html`` with an error when a field is missing, the
    user is unknown, or the password does not verify; otherwise sets the
    ``user`` cookie to the user's datastore id and redirects to ``/``.
    """
    username = self.request.get('username')
    password = self.request.get('password')

    def reject(message):
        # Every failure re-renders the form with the typed username kept.
        self.render('login.html', username = username, error = message)

    if not (username and password):
        reject("Missing Username or Password")
        return

    u = models.User.by_name(username)
    # NOTE(review): separate "Invalid Username" / "Invalid Password"
    # messages tell a visitor which usernames exist; confirm that is
    # acceptable for this site.
    if not u:
        reject("Invalid Username")
        return
    if not util.valid_pw(username, password, u.pw_hash):
        reject("Invalid Password")
        return

    # NOTE(review): the cookie value is the bare user id; confirm that
    # set_cookie signs it before it is sent to the browser.
    self.set_cookie('user', str(u.key().id()))
    self.redirect('/')
def post(self):
    """Handle the blog login form.

    Tests the submitted username and password against every stored User
    with ``util.valid_pw``. On a match a ``user_id`` cookie built by
    ``util.make_secure_val`` is set and the browser is sent to
    ``/blog/welcome``; otherwise ``login.html`` is rendered with an error.
    """
    user_username = self.request.get('username')
    user_password = self.request.get('password')

    # NOTE(review): every User entity is fetched and one password hash is
    # computed per entity on each attempt, so the cost of a single login
    # request grows with the user table. Looking the user up by username
    # first would bound that; the property name is not visible here.
    matches = [
        candidate
        for candidate in db.GqlQuery("SELECT * FROM User")
        if util.valid_pw(user_username, user_password, candidate.password)
    ]
    # The last matching entity wins, as in the original loop.
    user_exist = matches[-1] if matches else None

    if user_exist:
        signed_id = util.make_secure_val(str(user_exist.key().id()))
        # NOTE(review): the cookie carries no HttpOnly or Secure attribute.
        self.response.headers.add_header(
            'Set-Cookie', 'user_id=%s; Path=/' % signed_id)
        self.redirect("/blog/welcome")
    else:
        self.render("login.html", error = "Invalid login")
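def change_username(cls, new_username, pw):
    """Change the Admin username from the preferences page.

    The stored hash is produced by ``util.make_pw_hash(username, pw)``, so
    it is rebuilt under the new username once the current password has
    been verified against the existing one.

    Returns a human-readable status message in every case.
    """
    if not new_username or not pw:
        return 'A new username and or password is required. Retry.'
    if len(new_username) < 6:
        # The check accepts six characters, but the message used to say
        # "greater than 6"; the wording now matches what is enforced.
        return 'Username must be at least 6 characters'

    admin_key = db.Key.from_path('Admin', 'admin_key_name')
    admin = Admin.get(admin_key)
    # The current password must verify before anything is rewritten.
    if not util.valid_pw(admin.admin_username, pw, admin.admin_pw_hash):
        return 'Invalid Password. Please Retry.'

    admin.admin_username = new_username
    admin.admin_pw_hash = util.make_pw_hash(new_username, pw)
    admin.put()
    return 'Username change was successful!'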
def post(self):
    """Handle the email/password login form.

    Collects field errors into the template parameters. When there are
    none, sets the ``user`` cookie to the user's datastore id, logs the
    login and redirects to ``/``; otherwise re-renders ``login.html``.
    """
    # NOTE(review): the password goes through util.escape before it is
    # verified; confirm the same transformation is applied when the hash
    # is first created, otherwise passwords containing escaped characters
    # cannot verify.
    email = util.escape(self.request.get("email"))
    password = util.escape(self.request.get("password"))

    params = {'email': email}
    failed = False

    if not email:
        params.update(errorEmail='error', errorMessage="Please enter email")
        failed = True
    if not password:
        params.update(errorPass='******', errorMessage="Please enter password")
        failed = True

    u = databases.User.by_email(email)
    # NOTE(review): "Invalid email" versus "Invalid password" tells a
    # visitor which addresses are registered; confirm that is intended.
    if not u:
        params.update(errorEmail='error', errorPass='******',
                      errorMessage="Invalid email")
        failed = True
    elif not util.valid_pw(email, password, u.pw_hash):
        params.update(errorEmail='error', errorPass='******',
                      errorMessage="Invalid password")
        failed = True

    if failed:
        self.render('login.html', **params)
        return

    # NOTE(review): the cookie value is the bare user id; confirm that
    # set_cookie signs it before it is sent to the browser.
    self.set_cookie('user', str(u.key().id()))
    logging.info(u.name + " logged in")
    self.redirect('/')
def login(cls, name, pw):
    """Return the user named *name* when *pw* verifies, otherwise None."""
    candidate = cls.by_name(name)
    if not candidate:
        return None
    # The stored hash is checked against both the name and the password.
    if not valid_pw(name, pw, candidate.pw_hash):
        return None
    return candidate